Even the most cautious users have seen the “The connection is not private” pop-up appear while using their browser. A warning that seems extremely inopportune, especially if you are carrying out an administrative procedure or an urgent work task. But why does it appear to us, even if we consult official websites? Although you should take this alert seriously, it does not mean that you are necessarily facing a fraudulent or malicious page.
What this message from your browser means is that the website you are trying to access lacks a valid SSL/TLS certificate. This virtual document is responsible for encrypting the communication between your browser and the website and, therefore, protecting sensitive information such as personal data, password or banking credentials, among others. Therefore, if you see this message, you should be careful with the information you provide because it may not be protected. Below, we explain what possible causes may be behind this pop-up window and the possible measures you could take.
It is possible that these types of messages appear even on web pages that you know and visit frequently. This is a good indication that your antivirus is working correctly. And behind this message there are a multitude of causes that have left a website unprotected. For example, your SSL/TSL security certificate may simply have expired, be invalid, or have been configured incorrectly by the site administrators.
Sometimes there is not even a security breach. Only, as in the case of public entities, their certificates are generated by their own Certification Authorities (CA), which are usually not recognized by browsers. On the other hand, a cybercriminal has been able to create his own certificate to give credibility to his websites for fraudulent purposes. That is why not all URLs with “https” are secure nor all “http” URLs are insecure.
It is difficult for the user to know when to ignore the message and when to consider the warning. The National Cybersecurity Institute (INCIBE) has compiled a series of good practices that will help you discern a reliable website from a potentially dangerous one:
Only once these filters have been passed can we ignore the message and access the URL if we are sure that we can trust the site.
